Use of email in the modern era is a fast, cheap and efficient way of communication. The danger here is that there is a record of all your communications neatly and conveniently stored in one place – your email account. It can include contact names, addresses, phone numbers and even, in some instances, login details to banking facilities and other critically sensitive information.
For these reasons, your email account is a gold mine for cybercriminals. There is so much useful information stored in one central place – easy pickings.
Within the last 24 hours, we have received calls from 3 unrelated businesses reporting hacking of their email accounts. In these instances, the cybercriminals have managed to access the target email accounts and send out phishing emails to all their contacts. This points to what seems to be a trend or outbreak of cybercriminals targeting email accounts.
The subject of the email reads “important information” and the contents include:
Kindly Click Here to review this confidential information i shared with you
When you click on the link, you are redirected to this site, where you are asked to click on your email provider.
Very smart, and a lie to get your login credentials.
If you unknowingly sign in with your email address and password, you are caught in the phishing expedition. Your login details are in the hands of an unauthorised third party. This elaborate phishing expedition is perpetuated with the cybercriminal logging into your email account and forwarding the above email to your contacts. As the email comes from a trusted source – you – they are more than likely to do what is asked in the email. So it goes on.
There is a further complexity in this lie. Filters are set in your email to ensure that any emails received advising you of the hacking are automatically sent to your trash folder. They are then deleted.
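The filter trick described above can be checked for by reviewing the mailbox's filter list. The following is an added example, not part of the original article: it assumes filters in the shape of the Gmail API Filter resource (`criteria` / `action`), and the sample filters and the warning-word list are constructed for illustration.

```python
# Added example: audit mailbox filters for rules that hide warning replies.
# Filter dicts follow the Gmail API Filter resource (criteria/action);
# the sample data and the keyword list below are constructed assumptions.

SUSPICIOUS_WORDS = ("hack", "phish", "spam", "virus", "compromis", "scam")


def filter_findings(f):
    """Return the reasons a single filter looks attacker-created."""
    action = f.get("action", {})
    criteria = f.get("criteria", {})
    added = set(action.get("addLabelIds", []))
    removed = set(action.get("removeLabelIds", []))
    reasons = []
    if "TRASH" in added:
        reasons.append("sends matching mail to Trash")
    if "INBOX" in removed:
        reasons.append("skips the inbox")
    if "UNREAD" in removed:
        reasons.append("marks mail as read")
    if action.get("forward"):
        reasons.append("forwards mail to " + action["forward"])
    # Keywords only add weight when the filter already hides or redirects mail.
    text = " ".join(str(criteria.get(k, "")) for k in ("subject", "query", "from")).lower()
    hits = [w for w in SUSPICIOUS_WORDS if w in text]
    if hits and reasons:
        reasons.append("matches warning words: " + ", ".join(hits))
    return reasons


def audit_filters(filters):
    """Map filter id -> reasons, for every filter that hides or redirects mail."""
    return {f["id"]: r for f in filters if (r := filter_findings(f))}


# Constructed sample: one ordinary filter, one of the kind described above.
SAMPLE_FILTERS = [
    {"id": "f-newsletter", "criteria": {"from": "news@example.com"},
     "action": {"addLabelIds": ["Label_7"]}},
    {"id": "f-hide-warnings",
     "criteria": {"query": "hacked OR phishing OR spam OR virus"},
     "action": {"addLabelIds": ["TRASH"], "removeLabelIds": ["INBOX", "UNREAD"]}},
]

if __name__ == "__main__":
    for fid, reasons in audit_filters(SAMPLE_FILTERS).items():
        print(fid, "->", "; ".join(reasons))
```

Any filter this flags that you did not create yourself should be deleted as part of the clean-up.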
- Check your sent items. The chances are that if there are emails sent to contacts which you do not remember sending, then you are compromised. You can then see who the phishing emails have been sent to and advise them to delete the email if they have not opened it or, if they have, to read this post.
- Check your email logs. For users of Gmail or Google Apps for Work, this can be found at the bottom of the page after you have logged into your email through a web browser. Click on “Details” in the bottom right-hand corner, which will show you the login IP addresses and countries of the last few logins. Any IP addresses sourced outside your country suggest your email has been hacked.
Browser (Chrome) Show details Malaysia (188.8.131.52) 10:42 am (15 minutes ago)
What should I do if my email has been compromised?
You need to act fast to remove or reduce any potential damage. The more time you give the cyber criminals, the more likely they have found a way to leverage money from your personal information/communication/data.
Go through the following steps:
- Log into your email via the web browser and reset the password. This will stop the cybercriminals from getting back in.
  - In Gmail/Google Apps, click your name or your picture in the top right-hand corner.
  - Click Account
  - Under Security check-up, click GET STARTED
  - Check your recent logins and click “Something looks wrong” to reset your password
  - Remove any apps, websites and devices linked to your email that you’re not aware of
  - Follow the prompts to set up 2-step Verification (click here for more on 2-step verification)
- Clear open sessions. If the cyber criminal is still logged in while you reset your password, it may not kick them out immediately, so they could still do damage. It is best to close all open sessions. To do this:
  - Scroll to the bottom of Gmail
  - Click Details in the bottom right corner
  - Click Sign out of all other web sessions (best to reset your password before doing this step)
- Alert others. It's likely the cybercriminals have sent their spam/phishing email to your contacts. Check your sent items folder or deleted folder to find this email. Notify all the people who were sent the email, advising them not to open the email and to delete it. If they did accidentally fall into the trap, then refer them to this article on what to do.
Cyber criminals are getting more clever in how they go about accessing your personal information to access your cloud apps. Here are some tips on ways you can protect yourself and your business.
- Education. Be aware of how phishing scams work and look out for this type of activity. Always check why a website might be asking for your email and password. Also check things like:
  - it's a secure site with https:// (there should be a padlock too)
  - the domain name looks correct, e.g. https://mail.google.com is correct
- Have anti-phishing detection on your antivirus software and make sure it's up to date. Many free antivirus programs such as Microsoft Security Essentials do not include anti-phishing features. Best to upgrade your antivirus if this is the case.
- Secure your email with 2-step verification. If using Gmail, run through the Security Check Up wizard to do this, or do it manually by following the steps in my previous article.
- Single Sign On for all your cloud apps. This will protect all your cloud apps and is highly recommended. Good Single Sign On systems allow you to restrict which sites can log in to your cloud apps as well as integrate Single Sign On.
- Click this link to perform an IT security audit to identify other potential vulnerabilities in your network.
If you are ever in doubt, please contact an expert. Onsite Helper is a strong advocate for IT security and continues to help clients work through such incidents when they happen. Let us know if we can be of service to you.